Generally, once an email message is sent to a recipient, the recipient is free to forward the email message to any number of subsequent recipients. That is, a recipient of an email message generally has an unlimited ability to forward or redistribute the received email message. The unrestricted ability to forward or retransmit email messages may be a serious problem, especially when handling confidential or sensitive information, such as marketing strategies, financial information, or personal information.
The available mechanisms for controlling the forwarding of email messages is relatively limited. An email sender may include the desired recipients in the to, cc, or bcc addressable fields, trusting that any of the intended recipients of the email will exercise the appropriate discretion and not forward the email message to any other users. This mechanism requires a high level of trust between the sender and the intended recipients.
Other options for controlling the forwarding of email messages include the use of “do not forward” flags, which may prevent any of the email recipients of a particular email message from forwarding the email message. While this mechanism may prevent all forwarding of the email message it may, at times, prove overly restrictive and cumbersome. For example, a manager may send email instructions or information to a supervisor with an active “do not forward” flag. The supervisor would then be prevented from forwarding the email to members of the supervisor's team, who may actually carry out the instructions, without requesting permission from the manager.
Another mechanism for controlling the downstream distribution of email messages is an “enterprise confidentiality flag.” The “enterprise confidentiality flag” may allow unlimited forwarding of an email message within a company, while preventing the email message from being forwarded to recipients outside of the enterprise. In various situations, the “enterprise confidentiality flag” may prove to be overly restrictive and in other situations it may prove to be too permissive. For example, the “enterprise confidentiality flag” may complicate cooperative activities between two separate companies, e.g., by preventing emails sent with an active “enterprise confidentiality flag” from being forwarded to recipients in the cooperating company. Furthermore, while the “enterprise confidentiality flag” may prevent an email message from being forwarded to recipients outside of the company, the email message may still be freely forwarded to any recipient within the company.